Configuring a Router to Dial Multiple Sites using ISDN BRI

Document ID: 14562

Contents
Introduction Prerequisites Requirements Components Used Conventions Related Products Configure Network Diagram Configurations Verify Troubleshoot Troubleshooting Commands Debug Output Related Information

Introduction
In certain situations, you would need to configure a router to dial multiple sites. For example, you may have to dial one router to connect to a part of your corporate network, and dial the Internet Service Provider (ISP) router to connect to the Internet. This document presents a configuration example in which a central router accesses the Internet, and a remote office uses Integrated Services Digital Network (ISDN). The remote office can also access the central router and the Internet through the central router.

Prerequisites
Requirements
Before you proceed with this configuration, ensure that you: Verify that ISDN Layer 1 and 2 are up. For more information, see Using the show isdn status Command for BRI Troubleshooting. Obtain the necessary information from the ISP, such as the authentication method, which could be Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP), the username and password, the number to dial, and the IP address for the dialer interface (unless the interface uses a negotiated address). Also, find out if NAT is needed to connect multiple hosts to the ISP. From the remote router, obtain information about the authentication method, username and password, the number to dial, and the IP address.

Components Used
The information in this document is based on these software and hardware versions: Cisco 803 router with Cisco IOS Software Release 12.1(11) IP plus. Note: If you need to configure NAT, ensure that you have the IP Plus (it has an "is" in the IOS file name) feature set. Cisco 2501 router, which is the remote office that runs Cisco IOS Software Release 12.2(5). Note: The configuration for the ISP router is not included. Refer to the Access Technology Support Pages for some example configurations. The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.

Related Products
This configuration can be used with any router with a Basic Rate Interface (BRI) interface. This includes routers with builtin BRI interfaces, such as Cisco 800 (for example, 801, 802, 803, 804) and Cisco 1600 (for example, 1603R and 1604R) Series Routers. It also includes routers that accept BRI WAN Interface Cards (WICs) or Network Modules, like the 1600, 1700, 2600 and 3600 Series. For more information on BRI WICs or Network Modules, refer to WAN Interface Card (WIC) / Platform Hardware Compatibility Matrix for 1600, 1700, 2600 and 3600 Series Routers. Note: Use the show version command to check whether your router has a BRI interface.

Configure
In this section, you are presented with the information to configure the features described in this document. Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram
This document uses this network setup:

Configurations
In this configuration, the central router is named "central" and the remote corporate office is named "remote". On central, dialer interface 1 is configured to access the Internet. The IP address is dynamically assigned by the ISP. NAT is used to allow the IP networks of the central LAN, remote LAN, and centralremote WAN to access the Internet with the help of one dynamicallyassigned IP address. Contact your ISP to check whether you need NAT. Note: We have configured both PAP and CHAP, because this depends on what the ISP has configured (however, only one of them is used). central
version 12.1 no parser cache service timestamps debug datetime msec service timestamps log datetime msec ! hostname central ! username remote password 0 remote ! Username and shared secret password for the router (remote) ! (used for CHAP authentication). ! Shared secret password must be the same on both sides. ! isdn switchtype basicnet3 ! ! interface Ethernet0 ip address 10.1.0.1 255.255.255.0 ip nat inside ! Ethernet 0 is an inside NAT interface. ! All traffic from this network will be translated. no cdp enable ! interface BRI0 ! If you have additional BRIs, copy this BRI 0 configuration to the other BRIs. no ip address

encapsulation ppp dialer poolmember 1 ! Assign BRI0 as member of dialer pool 1. ! Dialer pool 1 is specified in interface Dialer 1. dialer poolmember 2 ! Assign BRI0 as member of dialer pool 2. ! Dialer pool 2 is specified in interface Dialer 2. isdn switchtype basicnet3 ! This depends on the country. no cdp enable ppp authentication chap pap callin ! Permit oneway CHAP and PAP authentication. ! Configure authentication on both the physical and dialer interface. ! interface Dialer1 ! Create a dialer interface for every device to which you need to connect. description CONNECTION TO INTERNET ip address negotiated ! This IP address is obtained from the ISP. If the ISP permits a static ! address, configure that address instead. ip nat outside ! The Outside NAT interface. Because this interface only has one IP address, ! all traffic from the inside network will be Port Address Translated (PAT). encapsulation ppp dialer pool 1 ! Dialer profile 1. Remember that interface BRI 0 is a member of this profile. dialer remotename ISP dialer idletimeout 180 dialer string 6122 ! The number used to dial the ISP. dialergroup 1 ! Apply interesting traffic definition from dialerlist 1. no cdp enable ppp authentication chap pap callin ppp chap hostname XXXXX ! XXXXX is the username the ISP expects in order to authenticate this router. ! For more information, refer to the document on ppp chap hostname. ppp chap password YYYYY ! YYYYY is the password the ISP expects in order to authenticate this router. ppp pap sentusername XXXXX password YYYYY ! PAP username and password.

! This is required only if the ISP does not support CHAP. ! interface Dialer2 description CONNECTION TO REMOTE OFFICE ip address 192.168.17.2 255.255.255.252 ! IP address for the connection to the remote office. ! The remote office BRI interface is in the same subnet. ip nat inside ! Dialer 2 is an inside NAT interface. ! With this configuration, traffic from remote office is translated ! before it is sent to the ISP. encapsulation ppp dialer pool 2 ! Dialer profile 2. Remember that interface BRI 0 is a member of this profile. dialer remotename remote ! Specifies the remote router name (remote). ! This name must match that used by the remote router to authenticate itself. ! Remember that we configured the router username and password earlier. dialer idletimeout 180 dialer string 6121 ! Number used to dial the remote office router. dialergroup 1 ! Apply interesting traffic definition from dialerlist 1. no cdp enable ppp authentication chap callin ! ip nat inside source list 101 interface Dialer1 overload ! Establishes dynamic source translation (with PAT) for addresses that are ! identified by the access list 101. no ip http server ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! Default route. Such traffic will use dialer 1 to the ISP. ip route 10.2.0.0 255.255.255.0 Dialer2 ! Route to remote router network. Traffic for 10.2.0.0/24 uses Dialer2. ! accesslist 101 permit ip 10.1.0.0 0.0.0.255 any accesslist 101 permit ip 10.2.0.0 0.0.0.255 any accesslist 101 permit ip 192.168.17.0 0.0.0.3 any ! Defines an access list that permits the addresses to be translated. ! Note that the Ethernet 0 network, the remote router network and the ! BRI network (between this router and the remote one) will be translated. dialerlist 1 protocol ip permit ! Interesting traffic definition.

! This definition is applied to both connections. ! If you need to define different interesting traffic for each connection, ! create two dialerlists and apply one to each dialer profile with dialergroup. no cdp run ! line con 0 exectimeout 3 0 line vty 0 4 exectimeout 3 0 ! ! end

remote
version 12.2 service timestamps debug datetime msec service timestamps log datetime msec ! hostname remote ! username central password 0 remote ! Username and shared secret password for the router (central) ! (used for CHAP authentication). ! Shared secret must be the same on both sides. ! isdn switchtype basicnet3 ! interface Ethernet0 ip address 10.2.0.1 255.255.255.0 ! Remember that this network is included in the NAT statements on central. no cdp enable ! interface BRI0 no ip address encapsulation ppp dialer poolmember 1 ! Assign BRI0 as member of dialer pool 1. ! Dialer pool 1 is specified in interface Dialer 1. isdn switchtype basicnet3 no cdp enable ppp authentication chap ! interface Dialer1 ip address 192.168.17.1 255.255.255.252 encapsulation ppp dialer pool 1 ! Dialer profile 1. Remember that interface BRI 0 is a member of this profile. dialer remotename central ! Specifies the name of the other router (central). ! This name must match that used by the remote router to authenticate itself. ! Remember that we configured the router username and password earlier. dialer string 6131

! The number used to dial the central router. dialergroup 1 ! Apply interesting traffic definition from dialerlist 1. pulsetime 0 no cdp enable ppp authentication chap callin ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! Default route. Such traffic will use dialer 1 to the central router. no ip http server ! dialerlist 1 protocol ip permit ! All IP traffic is interesting. ! line con 0 exectimeout 3 0 line aux 0 line vty 0 4 exectimeout 3 0 ! end

Verify
This section provides information you can use to confirm your configuration is working properly. Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output. show isdn activeshows the ISDN number you have used to place the call, and indicates whether the call is inbound or outbound. show caller ipdisplays a summary of caller information for the IP address you provide. show ip interface dialer 1 | include Internetlists a summary of a dialer interface's IP information and status. show dialer [interface type number]displays general diagnostic information for interfaces configured for dialondemand routing (DDR). If the dialer came up properly, this message appears:
Dialer state is data link layer up

If physical layer up appears, it implies that the line protocol came up, but the Network Control Protocol (NCP) did not. The source and destination addresses of the packet that initiated the dialing are shown in the Dial reason line. This show command also displays the configuration of the timer, and the time before the connection times out.

Troubleshoot
This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands
Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output. Note: Before issuing debug commands, please see Important Information on Debug Commands. debug dialerdisplays debugging information about the packets or events on a dialer interface. debug isdn q931displays information about call setup and teardown of ISDN network connections (Layer 3) between the local router (user side) and the network. debug ppp negotationdisplays information on PointtoPoint Protocol (PPP) traffic and exchanges during the negotiation of PPP components, and includes information on Link Control Protocol (LCP), Authentication, and NCP. A successful PPP negotiation will first open the LCP state, then Authenticate, and finally negotiate NCP. debug ppp authenticationcauses the debug ppp command to display authentication protocol messages, including CHAP packet exchanges and PAP exchanges. debug ip peercontains information on the peer.

Debug Output
To troubleshoot the configuration, use these debugs:
central#debug isdn q931 ISDN Q931 packets debugging is on central#debug dialer Dial on demand events debugging is on central#debug ppp negotation PPP protocol negotiation debugging is on central#debug ppp authentication PPP authentication debugging is on central#debug ip peer IP peer address activity debugging is on

The router called central initiates a call to the Internet: 198.133.219.25 is an IP address on the Internet.
central#ping 198.133.219.25 :.!!!! Success rate is 80 percent (4/5), roundtrip min/avg/max = 40/41/44 ms *Mar 1 00:06:12.984: *Mar 1 00:06:12.988: d=198.133.219.25) *Mar 1 00:06:12.988: *Mar 1 00:06:12.996: BR0 DDR: rotor dialout [priority] BR0 DDR: Dialing cause ip (s=172.17.243.115, BR0 DDR: Attempting to dial 6122 ISDN BR0: TX > SETUP pd = 8 callref = 0x01

! central initiates the call to ISDN number 6122. *Mar 1 00:06:13.000: *Mar 1 00:06:13.008: *Mar 1 00:06:13.008: Type:Unknown *Mar 1 00:06:13.088: *Mar 1 00:06:13.092: *Mar 1 00:06:13.244: Bearer Capability i = 0x8890 Channel ID i = 0x83 Called Party Number i = 0x80, '6122', Plan:Unknown, ISDN BR0: RX < CALL_PROC pd = 8 callref = 0x81 Channel ID i = 0x89 ISDN BR0: RX < CONNECT pd = 8 callref = 0x81

! central receives a connect message : the ISDN B channel is established. *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar 1 1 1 1 1 1 1 1 1 1 1 00:06:13.252: 00:06:13.260: 00:06:13.268: 00:06:13.272: 00:06:13.280: 00:06:13.280: 00:06:13.284: 00:06:13.284: 00:06:13.284: 00:06:13.300: 00:06:13.300: ISDN BR0: TX > CONNECT_ACK pd = 8 callref = 0x01 %LINK3UPDOWN: Interface BRI0:1, changed state to up BR0:1: interface must be fifo queue, force FIFO %DIALER6BIND: Interface BR0:1 bound to profile Di1 BR0:1 PPP: Treating connection as a callout BR0:1 PPP: Phase is ESTABLISHING, Active Open BR0:1 PPP: No remote authentication for callout BR0:1 LCP: O CONFREQ [Closed] id 1 len 10 BR0:1 LCP: MagicNumber 0x108130DD (0x0506108130DD) BR0:1 LCP: I CONFREQ [REQsent] id 132 Len 15 BR0:1 LCP: AuthProto CHAP (0x0305C22305)

! The ISP wants to use CHAP authentication. *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 00:06:13.304: 00:06:13.304: 00:06:13.308: 00:06:13.308: 00:06:13.308: 00:06:13.312: 00:06:13.312: 00:06:13.320: 00:06:13.328: 00:06:13.328: 00:06:13.332: 00:06:13.332: 00:06:13.336: 00:06:13.336: 00:06:13.360: BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 BR0:1 LCP: MagicNumber 0xE4225290 (0x0506E4225290) LCP: O CONFACK [REQsent] id 132 Len 15 LCP: AuthProto CHAP (0x0305C22305) LCP: MagicNumber 0xE4225290 (0x0506E4225290) LCP: I CONFACK [ACKsent] id 1 Len 10 LCP: MagicNumber 0x108130DD (0x0506108130DD) LCP: State is Open PPP: Phase is AUTHENTICATING, by the peer AUTH: Started process 0 pid 22 CHAP: I CHALLENGE id 118 Len 27 from "posets" CHAP: Using alternate hostname XXXXX CHAP: Username posets not found CHAP: Using default password CHAP: O RESPONSE id 118 Len 26 from "XXXXX" CHAP: I SUCCESS id 118 Len 4

! central receives a CHAP SUCCESS from ISP. *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar 1 1 1 1 1 1 1 1 1 1 1 00:06:13.360: 00:06:13.364: 00:06:13.364: 00:06:13.368: 00:06:13.368: 00:06:13.368: 00:06:13.372: 00:06:13.372: 00:06:13.376: 00:06:13.380: 00:06:13.380: BR0:1 PPP: Phase is UP BR0:1 IPCP: O CONFREQ [Not negotiated] id 1 Len 10 BR0:1 IPCP: Address 0.0.0.0 (0x030600000000) BR0:1 IPCP: I CONFREQ [REQsent] id 108 Len 10 BR0:1 IPCP: Address 194.183.201.1 (0x0306C2B7C901) BR0:1: IPPOOL: validate address = 194.183.201.1 BR0:1 set_ip_peer(3): new address 194.183.201.1 BR0:1 IPCP: O CONFACK [REQsent] id 108 Len 10 BR0:1 IPCP: Address 194.183.201.1 (0x0306C2B7C901) BR0:1 IPCP: I CONFNAK [ACKsent] id 1 Len 10 BR0:1 IPCP: Address 194.183.201.3 (0x0306C2B7C903)

! 194.183.201.3 is assigned by ISP to dialer 1 of central. *Mar 1 00:06:13.384: *Mar 1 00:06:13.384: *Mar 1 00:06:13.396: *Mar 1 00:06:13.400: *Mar 1 00:06:13.400: *Mar 1 00:06:13.400: 194.183.201.3 *Mar 1 00:06:13.412: *Mar 1 00:06:13.416: *Mar 1 00:06:14.360: changed state to up *Mar 1 00:06:19.276: unknown BR0:1 IPCP: O CONFREQ [ACKsent] id 2 Len 10 BR0:1 IPCP: Address 194.183.201.3 (0x0306C2B7C903) BR0:1 IPCP: I CONFACK [ACKsent] id 2 Len 10 BR0:1 IPCP: Address 194.183.201.3 (0x0306C2B7C903) BR0:1 IPCP: State is Open Di1 IPCP: Install negotiated IP interface address BR0:1 DDR: dialer protocol up Di1 IPCP: Install route to 194.183.201.1 %LINEPROTO5UPDOWN: Line protocol on Interface BRI0:1, %ISDN6CONNECT: Interface BRI0:1 is now connected to 6122

Related Information
Access Technology Support Pages Technical Support Cisco Systems

Contacts & Feedback | Help | Site Map 2010 2011 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of Cisco Systems, Inc.

Updated: Feb 04, 2010

Document ID: 14562